NCSC-2026-0148
Vulnerability from csaf_ncscnl - Published: 2026-05-13 07:14 - Updated: 2026-05-13 07:14Summary
Kwetsbaarheden verholpen in Microsoft Edge (Chromium)
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Microsoft heeft een groot aantal kwetsbaarheden verholpen in de Edge browser (Chromium).
Interpretaties: De kwetsbaarheden bevinden zich in de code base van Chrome en zijn eerder door Google bekend gesteld. Microsoft verwerkt deze kwetsbaarheden in de Edge browser en verspreidt de updates automatisch. Door de grote hoeveelheid verholpen kwetsbaarheden in deze update verdient het extra aandacht om te controleren dat de Edge browser wordt bijgewerkt naar de laatste versie.
Oplossingen: Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:
https://portal.msrc.microsoft.com/en-us/security-guidance
Kans: medium
Schade: high
CWE-416: Use After Free
CWE-457: Use of Uninitialized Variable
CWE-20: Improper Input Validation
CWE-125: Out-of-bounds Read
CWE-451: User Interface (UI) Misrepresentation of Critical Information
CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
A vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network by externally controlling file names or paths.
CWE-73 - External Control of File Name or PathAffected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A critical use-after-free vulnerability in Chromoting on Google Chrome for Linux before version 148.0.7778.96 allows remote code execution via malicious network traffic, also affecting Chromium-based Microsoft Edge.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A high-severity out-of-bounds read and write vulnerability in the V8 engine of Google Chrome prior to version 148.0.7778.96 allowed remote code execution within a sandbox via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A critical use-after-free vulnerability in Google Chrome on iOS before version 148.0.7778.96 allows remote code execution via crafted HTML and specific UI gestures, with the fix also applied to Chromium-based Microsoft Edge.
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A critical integer overflow vulnerability in Blink affects Google Chrome versions prior to 148.0.7778.96, enabling remote attackers to cause heap corruption via crafted HTML pages.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A UI spoofing vulnerability in Google Chrome before version 148.0.7778.96 allowed remote attackers with renderer process access to exploit insufficient validation of untrusted HTML input, with the fix also applied to Chromium-based Microsoft Edge.
5.4 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers to perform UI spoofing via crafted HTML due to insufficient validation of untrusted input in SSL, with the fix also applied to Chromium-based Microsoft Edge.
4.2 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A medium severity local privilege escalation vulnerability in Chromoting on Google Chrome for Windows before version 148.0.7778.96 was fixed, with the patch also incorporated into Chromium-based Microsoft Edge.
7.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A low severity local privilege escalation vulnerability in the Updater component of Google Chrome on Mac before version 148.0.7778.96 was fixed, with the patch also incorporated into Chromium-based Microsoft Edge.
7.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers to execute arbitrary code inside a sandbox via an out of bounds read in AdFilter, also affecting Microsoft Edge (Chromium-based).
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Google Chrome on Linux and ChromeOS prior to version 148.0.7778.96 allowed remote code execution via crafted HTML and UI gestures due to insufficient validation of untrusted input, with the fix also applied to Chromium-based Microsoft Edge.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A medium severity vulnerability in the Canvas implementation of Google Chrome versions before 148.0.7778.96 allowed remote attackers to bypass the same origin policy via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.
6.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A use-after-free vulnerability in Google Chrome versions prior to 148.0.7778.96 allowed arbitrary code execution via malicious extensions, with the fix also incorporated into Chromium-based Microsoft Edge.
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A use-after-free vulnerability in Google Chrome DevTools prior to version 148.0.7778.96 allows remote attackers with renderer process access to escape the sandbox via crafted HTML, with the fix incorporated in Chromium-based Microsoft Edge.
8.3 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A use-after-free vulnerability in Blink affected Google Chrome versions prior to 148.0.7778.96, enabling remote code execution within a sandbox via crafted HTML, with a medium severity rating.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
An integer overflow vulnerability in Dawn component of Google Chrome on Windows before version 148.0.7778.96 allows remote attackers to escape the sandbox via crafted HTML, with a medium severity rating.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A medium severity vulnerability in the ORB implementation of Google Chrome before version 148.0.7778.96 allowed remote attackers to bypass site isolation via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.
6.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers who compromised the renderer process to leak cross-origin data via a crafted HTML page, with Microsoft Edge (Chromium-based) also affected and patched accordingly.
4.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A use-after-free vulnerability in Google Chrome versions prior to 148.0.7778.96 allows remote attackers with renderer process access to escape the sandbox via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.
8.3 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
An integer overflow vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers with renderer process access to bypass the same origin policy via crafted HTML, rated medium severity.
4.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Google Chrome before version 148.0.7778.96 allowed attackers with renderer process access to bypass the same origin policy via crafted HTML due to insufficient CORS input validation, with the fix also applied to Chromium-based Microsoft Edge.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers with renderer process access to escape the sandbox via crafted HTML due to insufficient validation of untrusted input in navigation.
8.3 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers to bypass site isolation by exploiting insufficient validation of untrusted input in the renderer process, with the fix also included in Chromium-based Microsoft Edge.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers with renderer process access to perform arbitrary read/write operations via crafted HTML due to insufficient validation in the FileSystem API.
4.2 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in the ServiceWorker implementation in Google Chrome versions before 148.0.7778.96 allowed remote attackers with renderer process access to escape the sandbox via crafted HTML pages, with the fix incorporated in Chromium-based Microsoft Edge.
8.3 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A medium severity vulnerability in Google Chrome on Android before version 148.0.7778.96 allowed attackers compromising the renderer process to spoof the URL bar via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.
4.2 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A medium severity vulnerability in DirectSockets of Google Chrome before version 148.0.7778.96 allowed remote attackers to perform arbitrary read/write via a crafted Chrome Extension.
5.4 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A use-after-free vulnerability in Google Chrome versions prior to 148.0.7778.96 allowed remote attackers to execute arbitrary code within a sandbox via a crafted HTML page, also affecting Microsoft Edge (Chromium-based) through the shared Chromium update.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A medium severity vulnerability in Google Chrome before version 148.0.7778.96 allowed remote attackers with renderer process access to extract sensitive information from process memory via crafted HTML pages.
5.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A medium severity vulnerability in Google Chrome before version 148.0.7778.96 allowed local network attackers to leak cross-origin data due to insufficient validation of untrusted input in permissions, with the fix also applied to Chromium-based Microsoft Edge.
4.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A medium severity vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers with renderer process access to bypass site isolation via crafted HTML, with the fix also included in Chromium-based Microsoft Edge.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A medium severity vulnerability in the ServiceWorker implementation of Google Chrome versions before 148.0.7778.96 allowed arbitrary script or HTML injection via malicious extensions, with the fix also applied to Chromium-based Microsoft Edge.
5.4 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A medium severity local privilege escalation vulnerability in the Updater component of Google Chrome on Windows before version 148.0.7778.96 was fixed, with the patch also included in Chromium-based Microsoft Edge.
7.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A medium-severity out-of-bounds write vulnerability in Media on Google Chrome for Mac and iOS prior to version 148.0.7778.96 allows remote attackers with renderer process access to execute arbitrary code within a sandbox via crafted HTML pages.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A use-after-free vulnerability in Google Chrome versions before 148.0.7778.96 allows a remote attacker controlling the renderer process to escape the sandbox via a crafted HTML page, affecting Chromium-based browsers including Microsoft Edge.
8.3 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Google Chrome before version 148.0.7778.96 allowed remote attackers with renderer process access to extract sensitive GPU memory data via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.
5.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A race condition vulnerability in Shared Storage of Google Chrome versions before 148.0.7778.96 allowed remote attackers compromising the renderer process to leak cross-origin data, affecting Chromium-based browsers including Microsoft Edge.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A UXSS vulnerability in Google Chrome versions before 148.0.7778.96 allowed remote attackers to inject arbitrary scripts or HTML via insufficient validation of untrusted input in the Omnibox, with the fix also applied to Chromium-based Microsoft Edge.
6.1 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers with renderer process access to leak cross-origin data due to insufficient validation of untrusted input in DevTools, with the fix incorporated in Chromium-based Microsoft Edge.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Google Chrome versions before 148.0.7778.96 allowed remote attackers to bypass discretionary access control via crafted HTML pages due to insufficient policy enforcement in Extensions, with the fix incorporated in Chromium-based Microsoft Edge.
4.2 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A medium severity vulnerability in WebRTC within Google Chrome versions before 148.0.7778.96 allowed remote attackers to execute arbitrary code in a sandbox via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A medium-severity out-of-bounds read vulnerability in Skia within Google Chrome versions prior to 148.0.7778.96 allows remote attackers with renderer process access to leak cross-origin data via malicious Chrome Extensions.
CWE-125 - Out-of-bounds ReadAffected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers to perform arbitrary read and write operations via out-of-bounds access in the GFX component, also affecting Chromium-based Microsoft Edge.
5.4 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A race condition vulnerability in Chromoting on Google Chrome for Windows before version 148.0.7778.96 allowed local privilege escalation via a malicious file, rated medium severity and fixed in Chromium-based Microsoft Edge as well.
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A low-severity vulnerability in V8 engine of Google Chrome versions before 148.0.7778.96 allowed remote attackers to access sensitive process memory via crafted HTML pages, with the fix incorporated in Chromium-based Microsoft Edge.
4.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Google Chrome before version 148.0.7778.96 allowed remote attackers who compromised the renderer process to perform UI spoofing via crafted HTML due to insufficient validation of untrusted input, also affecting Microsoft Edge (Chromium-based).
4.2 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Google Chrome versions before 148.0.7778.96 allowed remote attackers to bypass site isolation via insufficient WebUI policy enforcement, affecting multiple operating systems and fixed in Chromium-based Microsoft Edge as well.
4.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A medium severity vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers compromising the renderer process to bypass site isolation via insufficient validation of untrusted input in COOP.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers with renderer process access to bypass site isolation via crafted HTML due to insufficient validation in the Persistent Cache.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in ANGLE in Google Chrome before version 148.0.7778.96 allows remote attackers with renderer process access to perform arbitrary read/write via crafted HTML due to insufficient input validation, affecting Chrome and Chromium-based Microsoft Edge.
4.2 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
An integer overflow vulnerability in ANGLE within Google Chrome versions prior to 148.0.7778.96 allowed remote attackers to leak cross-origin data via crafted HTML pages, with a medium severity rating.
4.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A UXSS vulnerability in Google Chrome on Android before version 148.0.7778.96 allowed local attackers to inject arbitrary scripts or HTML via crafted Chrome Extensions, with the fix also applied to Chromium-based Microsoft Edge.
4.4 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A use-after-free vulnerability in V8 within Google Chrome versions prior to 148.0.7778.96 allowed arbitrary code execution via malicious extensions, rated medium severity and fixed in Chrome and Chromium-based Microsoft Edge.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A UXSS vulnerability in SanitizerAPI affected Google Chrome versions before 148.0.7778.96, allowing remote attackers to inject arbitrary scripts or HTML via crafted pages, with the fix also applied to Chromium-based Microsoft Edge.
5.4 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A use-after-free vulnerability in CSS in Google Chrome versions before 148.0.7778.96 allowed remote code execution within a sandbox via crafted HTML, affecting Chrome and Chromium-based Microsoft Edge, rated medium severity.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A medium severity vulnerability in Google Chrome Autofill prior to version 148.0.7778.96 allowed remote attackers to leak cross-origin data via crafted HTML pages, with the fix incorporated in Chromium-based Microsoft Edge.
4.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Google Chrome versions prior to 148.0.7778.96 allowed attackers to bypass navigation restrictions by tricking users into installing malicious extensions, also addressed in Chromium-based Microsoft Edge.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A medium severity vulnerability in V8 engine of Google Chrome before version 148.0.7778.96 allows remote attackers to perform out-of-bounds memory reads via crafted HTML pages, also affecting Chromium-based Microsoft Edge.
4.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Google Chrome versions prior to 148.0.7778.96 allowed remote attackers with renderer process access to perform arbitrary read/write via insufficient data validation in DataTransfer, with the fix incorporated in Chromium-based Microsoft Edge.
4.2 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A type confusion vulnerability in WebRTC affected Google Chrome versions before 148.0.7778.96, allowing remote code execution within a sandbox, with a medium severity rating.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A use-after-free vulnerability in WebRTC in Google Chrome versions before 148.0.7778.96 allowed remote code execution within a sandbox via crafted HTML, affecting Chrome and Chromium-based Microsoft Edge with medium severity.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A use-after-free vulnerability in the GPU component of Google Chrome versions prior to 148.0.7778.96 allows remote attackers controlling the renderer process to escape the sandbox via crafted HTML, with fixes included in Chromium-based Microsoft Edge.
8.3 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A use-after-free vulnerability in Google Chrome ReadingMode before version 148.0.7778.96 allowed remote attackers with renderer process access to execute arbitrary code within a sandbox, rated medium severity.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A medium-severity out-of-bounds read vulnerability in Google Chrome prior to version 148.0.7778.96 allows remote attackers to leak cross-origin data via crafted HTML pages, with the fix also applied to Chromium-based Microsoft Edge.
4.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A medium-severity out-of-bounds read vulnerability in Google Chrome codecs prior to version 148.0.7778.96 allows remote attackers to access sensitive process memory via malicious files, with the fix also applied to Chromium-based Microsoft Edge.
8.1 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A use-after-free vulnerability in WebAudio in Google Chrome versions before 148.0.7778.96 allowed remote code execution within a sandbox via crafted HTML, with a medium severity rating.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A medium severity vulnerability in Companion on Google Chrome for Mac before version 148.0.7778.96 allowed remote attackers to escalate OS-level privileges via malicious network traffic, with the fix incorporated in Chromium-based Microsoft Edge.
8.1 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A medium severity vulnerability in Google Chrome versions prior to 148.0.7778.96 allowed remote attackers to leak cross-origin data via crafted HTML pages, with the fix incorporated in Chromium-based Microsoft Edge.
4.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A medium severity vulnerability in WebCodecs affected Google Chrome versions before 148.0.7778.96, allowing remote attackers to access sensitive process memory via crafted HTML pages, with the fix also incorporated in Chromium-based Microsoft Edge.
6.5 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Google Chrome's Popup Blocker prior to version 148.0.7778.96 allowed remote attackers with renderer process access to bypass navigation restrictions via crafted HTML, affecting Chrome and Chromium-based Microsoft Edge.
4.2 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A medium-severity out-of-bounds memory read vulnerability in WebCodecs affected Google Chrome versions prior to 148.0.7778.96 and was exploitable via crafted video files, with the fix incorporated into Chromium-based Microsoft Edge.
4.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A medium severity UI spoofing vulnerability in the Speech implementation of Google Chrome before version 148.0.7778.96 affects Chromium-based browsers including Microsoft Edge.
5.4 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed local attackers to bypass navigation restrictions via crafted HTML pages due to insufficient policy enforcement in Downloads, with the fix also applied in Chromium-based Microsoft Edge.
4.4 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A use-after-free vulnerability in MediaRecording in Google Chrome prior to version 148.0.7778.96 allowed remote code execution via crafted HTML and user interaction, with the fix also applied to Chromium-based Microsoft Edge.
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A UI spoofing vulnerability in Google Chrome on iOS versions prior to 148.0.7778.96 allowed remote attackers to exploit insufficient validation of untrusted input, with the fix incorporated in Chromium-based Microsoft Edge.
5.4 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A privilege escalation vulnerability in Google Chrome before version 148.0.7778.96, caused by insufficient validation of untrusted cookie input, was fixed and the patch has been incorporated into Chromium-based Microsoft Edge.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A type confusion vulnerability in Google Chrome versions prior to 148.0.7778.96 allowed remote code execution within a sandbox via crafted HTML, affecting Chrome and Chromium-based Microsoft Edge browsers.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A use-after-free vulnerability in WebRTC on Google Chrome for Windows before version 148.0.7778.96 allowed remote code execution within a sandbox via crafted HTML, rated high severity and fixed in Chromium-based Microsoft Edge as well.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A high severity use-after-free vulnerability in PresentationAPI affected Google Chrome versions prior to 148.0.7778.96, enabling remote code execution within a sandbox via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A high severity use-after-free vulnerability in Chromoting on Google Chrome for Windows before version 148.0.7778.96 allows local privilege escalation via a malicious file, with the fix also included in Chromium-based Microsoft Edge.
7.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A high-severity uninitialized use vulnerability in Dawn affects Google Chrome versions prior to 148.0.7778.96, allowing remote attackers to access sensitive process memory via crafted HTML pages, with the fix incorporated in Chromium-based Microsoft Edge.
6.5 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A high-severity out-of-bounds write vulnerability in Skia within Google Chrome versions prior to 148.0.7778.96 allows remote attackers with renderer process access to escape the sandbox via crafted HTML, also affecting Chromium-based Microsoft Edge.
8.3 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A use-after-free vulnerability in ServiceWorker in Google Chrome versions prior to 148.0.7778.96 allows remote attackers to perform sandbox escape via crafted HTML, rated high severity and fixed in Chromium-based Microsoft Edge as well.
8.3 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A use-after-free vulnerability in Google Chrome versions prior to 148.0.7778.96 allows remote code execution via crafted HTML pages, affecting Chromium-based browsers including Microsoft Edge, with high severity.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A high severity use-after-free vulnerability in Skia within Google Chrome versions prior to 148.0.7778.96 allows remote attackers with renderer process access to escape the sandbox via crafted HTML pages.
8.3 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A use-after-free vulnerability in the GPU component of Google Chrome prior to version 148.0.7778.96 allows remote attackers controlling the renderer process to escape the sandbox via crafted HTML, posing a high security risk.
8.3 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A use-after-free vulnerability in Fullscreen mode in Google Chrome on Windows prior to version 148.0.7778.96 allows remote attackers controlling the renderer process to escape the sandbox via crafted HTML pages.
8.3 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A use-after-free vulnerability in Aura in Google Chrome versions prior to 148.0.7778.96 allows remote attackers with renderer process access to escape the sandbox via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.
8.3 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A high-severity vulnerability in Google Chrome before version 148.0.7778.96 allowed remote sandbox escape via crafted HTML due to insufficient data validation in InterestGroups, with the fix also applied to Chromium-based Microsoft Edge.
8.3 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A high-severity vulnerability in Google Chrome on Android prior to version 148.0.7778.96 allowed remote attackers to bypass navigation restrictions via insufficient data validation in DevTools, also affecting Microsoft Edge (Chromium-based).
4.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A high severity type confusion vulnerability in Google Chrome on Windows before version 148.0.7778.96 allows remote attackers with renderer process access to escape the sandbox via crafted HTML, with fixes included in Chromium-based Microsoft Edge.
8.3 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A high-severity privilege escalation vulnerability in Google Chrome on Android prior to version 148.0.7778.96, caused by insufficient DevTools policy enforcement, also affects Chromium-based Microsoft Edge via Chromium updates.
7.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
An integer overflow vulnerability in the GPU component of Google Chrome on Android before version 148.0.7778.96 allowed remote attackers with renderer process access to perform arbitrary read/write operations, rated high severity.
4.2 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A use-after-free vulnerability in Aura on Google Chrome for Windows before version 148.0.7778.96 allows remote attackers with renderer process access to escape the sandbox via crafted HTML pages.
8.3 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A high severity vulnerability in ServiceWorker implementation in Google Chrome before version 148.0.7778.96 allowed remote attackers with renderer process access to bypass site isolation via crafted HTML pages, with fixes incorporated in Chromium-based Microsoft Edge.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A high severity use-after-free vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers with renderer process access to bypass site isolation via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.
9.6 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A use-after-free vulnerability in the Fullscreen feature of Google Chrome prior to version 148.0.7778.96 allows remote attackers to escape the sandbox via crafted HTML, with a high severity rating.
9.6 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A use-after-free vulnerability in the DOM of Google Chrome versions prior to 148.0.7778.96 allowed remote attackers to execute arbitrary code within a sandbox via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A high-severity vulnerability in Google Chrome on Android prior to version 148.0.7778.96 allowed remote attackers with renderer process access to escape the sandbox via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.
8.3 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A use-after-free vulnerability in SVG in Google Chrome prior to version 148.0.7778.96 allowed remote code execution within a sandbox via crafted HTML, affecting Chromium-based browsers including Microsoft Edge.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A high-severity out-of-bounds memory read vulnerability in Fonts affected Google Chrome versions prior to 148.0.7778.96 and was exploitable via a crafted HTML page, with the fix incorporated in Chromium-based Microsoft Edge.
4.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
An integer overflow vulnerability in ANGLE within Google Chrome versions prior to 148.0.7778.96 on Mac and Windows allows remote attackers to cause heap corruption via crafted HTML pages, with high severity.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A high-severity out-of-bounds memory access vulnerability in V8 prior to Chrome 148.0.7778.96 allowed remote code execution within a sandbox via crafted HTML, affecting Chrome and Chromium-based Microsoft Edge.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A high severity use-after-free vulnerability in ANGLE on Google Chrome for Mac before version 148.0.7778.96 allows remote code execution within a sandbox via crafted HTML, with the fix incorporated in Chromium-based Microsoft Edge.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A heap buffer overflow vulnerability in ANGLE within Google Chrome versions before 148.0.7778.96 allows remote attackers with renderer process access to potentially escape the sandbox via crafted HTML pages.
8.3 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Google Chrome on Android before version 148.0.7778.96 allowed remote attackers with renderer process access to extract sensitive GPU memory data via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.
5.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A low-severity UI spoofing vulnerability in Google Chrome versions prior to 148.0.7778.96, caused by insufficient policy enforcement in WebApp, is addressed in Chromium-based Microsoft Edge.
5.4 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A low-severity vulnerability in Google Chrome before version 148.0.7778.96 allowed remote attackers to escape the sandbox via malicious network traffic due to insufficient DevTools policy enforcement, with the fix also applied to Chromium-based Microsoft Edge.
8.1 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A low severity vulnerability in the MHTML implementation of Google Chrome before version 148.0.7778.96 allowed remote attackers to leak cross-origin data via crafted pages and user interactions, with the fix also applied to Chromium-based Microsoft Edge.
CWE-1021 - Improper Restriction of Rendered UI Layers or FramesAffected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A side-channel information leakage vulnerability in Google Chrome versions prior to 148.0.7778.96 allowed remote attackers to leak cross-origin data via crafted HTML pages, with a low severity rating.
CWE-1300 - Improper Protection of Physical Side ChannelsAffected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A low severity script injection vulnerability in Google Chrome versions before 148.0.7778.96 allowed remote attackers to inject arbitrary scripts or HTML via specific UI gestures on crafted pages, with the fix also applied to Chromium-based Microsoft Edge.
4.2 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A low-severity vulnerability in the Preload feature of Google Chrome versions before 148.0.7778.96 allowed remote attackers to leak cross-origin data via crafted HTML, with the fix incorporated in Chromium-based Microsoft Edge.
4.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A low-severity UI spoofing vulnerability in Media on Google Chrome versions prior to 148.0.7778.96 was fixed, with the patch also incorporated into the Chromium-based Microsoft Edge browser.
5.4 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A use-after-free vulnerability in WebRTC in Google Chrome versions prior to 148.0.7778.96 allowed remote code execution within a sandbox via crafted HTML, rated low severity and fixed in Chrome and Chromium-based Microsoft Edge.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A low severity vulnerability in the MHTML implementation of Google Chrome before version 148.0.7778.96 allowed remote attackers with renderer process access to inject arbitrary scripts or HTML.
5.4 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A low-severity vulnerability in Google Chrome before version 148.0.7778.96 allowed remote attackers to leak cross-origin data due to insufficient policy enforcement in Search, addressed in Chromium-based Microsoft Edge.
4.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A low severity vulnerability in FedCM in Google Chrome versions before 148.0.7778.96 allowed remote attackers to leak cross-origin data due to insufficient validation of untrusted input, with the fix also applied to Chromium-based Microsoft Edge.
4.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Google Chrome versions before 148.0.7778.96 allowed remote attackers with renderer process access to bypass navigation restrictions via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.
5.0 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers to bypass site isolation by exploiting insufficient validation of untrusted input in the renderer process, with the fix also applied to Chromium-based Microsoft Edge.
6.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A UI spoofing vulnerability in Google Chrome versions prior to 148.0.7778.96, rated low severity, was fixed and the patch has been incorporated into Chromium-based Microsoft Edge.
5.4 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers to escalate privileges via crafted HTML due to insufficient validation in the Cast component, with the fix also included in Chromium-based Microsoft Edge.
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A UI spoofing vulnerability in Google Chrome versions prior to 148.0.7778.96, caused by insufficient policy enforcement in DevTools via malicious extensions, has been fixed and the patch is also incorporated in Chromium-based Microsoft Edge.
5.4 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Google Chrome before version 148.0.7778.96 allowed local network attackers to bypass the same origin policy via insufficient validation in the Cast feature, with the fix also applied to Chromium-based Microsoft Edge.
4.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A use-after-free vulnerability in the Audio component of Google Chrome on Mac prior to version 148.0.7778.96 allows remote code execution within a sandbox via crafted HTML, rated with low severity.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed data leakage across origins via malicious extensions due to insufficient DevTools policy enforcement, with the fix also applied to Chromium-based Microsoft Edge.
4.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A low-severity UI spoofing vulnerability in Google Chrome prior to version 148.0.7778.96, caused by insufficient validation of untrusted input in TabGroups, has been fixed and the patch is also incorporated in Chromium-based Microsoft Edge.
5.4 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A remote code execution vulnerability in ChromeDriver for Google Chrome on Windows before version 148.0.7778.96 was caused by insufficient validation of untrusted input in crafted HTML.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A Use After Free vulnerability in Google Chrome's printing component on Linux, Mac, and ChromeOS prior to version 148.0.7778.96 allows remote sandbox escape via crafted HTML, rated low severity and fixed in Chromium-based Microsoft Edge as well.
8.3 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A user interface misrepresentation vulnerability in Microsoft Edge (Chromium-based) allows unauthorized attackers to perform network spoofing, potentially misleading users about network connections.
CWE-451 - User Interface (UI) Misrepresentation of Critical InformationAffected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A vulnerability in Microsoft Edge (Chromium-based) involving improper neutralization of special elements in output can enable unauthorized attackers to elevate privileges over a network.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A user interface misrepresentation vulnerability in Microsoft Edge (Chromium-based) allows unauthorized attackers to conduct network spoofing attacks by misleading users about network connections.
CWE-451 - User Interface (UI) Misrepresentation of Critical InformationAffected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A user interface misrepresentation vulnerability in Microsoft Edge for Android enables unauthorized attackers to perform network spoofing by misleading users about network connections.
CWE-451 - User Interface (UI) Misrepresentation of Critical InformationAffected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
A command injection vulnerability in Microsoft Edge's Copilot Chat due to improper neutralization of special elements allows unauthorized attackers to disclose information over a network.
CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Edge (Chromium-based)
|
vers:unknown/* |
References
133 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Microsoft heeft een groot aantal kwetsbaarheden verholpen in de Edge browser (Chromium).",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden bevinden zich in de code base van Chrome en zijn eerder door Google bekend gesteld. Microsoft verwerkt deze kwetsbaarheden in de Edge browser en verspreidt de updates automatisch. Door de grote hoeveelheid verholpen kwetsbaarheden in deze update verdient het extra aandacht om te controleren dat de Edge browser wordt bijgewerkt naar de laatste versie.\n",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "User Interface (UI) Misrepresentation of Critical Information",
"title": "CWE-451"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"title": "CWE-74"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"title": "Kwetsbaarheden verholpen in Microsoft Edge (Chromium)",
"tracking": {
"current_release_date": "2026-05-13T07:14:03.202357Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0148",
"initial_release_date": "2026-05-13T07:14:03.202357Z",
"revision_history": [
{
"date": "2026-05-13T07:14:03.202357Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Edge (Chromium-based)"
}
],
"category": "vendor",
"name": "Microsoft"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-41107",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"notes": [
{
"category": "other",
"text": "External Control of File Name or Path",
"title": "CWE-73"
},
{
"category": "description",
"text": "A vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network by externally controlling file names or paths.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-41107 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-41107.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-41107"
},
{
"cve": "CVE-2026-7898",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A critical use-after-free vulnerability in Chromoting on Google Chrome for Linux before version 148.0.7778.96 allows remote code execution via malicious network traffic, also affecting Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7898 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7898.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7898"
},
{
"cve": "CVE-2026-7899",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "A high-severity out-of-bounds read and write vulnerability in the V8 engine of Google Chrome prior to version 148.0.7778.96 allowed remote code execution within a sandbox via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7899 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7899.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7899"
},
{
"cve": "CVE-2026-7897",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A critical use-after-free vulnerability in Google Chrome on iOS before version 148.0.7778.96 allows remote code execution via crafted HTML and specific UI gestures, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7897 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7897.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7897"
},
{
"cve": "CVE-2026-7896",
"cwe": {
"id": "CWE-472",
"name": "External Control of Assumed-Immutable Web Parameter"
},
"notes": [
{
"category": "other",
"text": "External Control of Assumed-Immutable Web Parameter",
"title": "CWE-472"
},
{
"category": "description",
"text": "A critical integer overflow vulnerability in Blink affects Google Chrome versions prior to 148.0.7778.96, enabling remote attackers to cause heap corruption via crafted HTML pages.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7896 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7896.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7896"
},
{
"cve": "CVE-2026-7998",
"notes": [
{
"category": "description",
"text": "A UI spoofing vulnerability in Google Chrome before version 148.0.7778.96 allowed remote attackers with renderer process access to exploit insufficient validation of untrusted HTML input, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7998 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7998.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7998"
},
{
"cve": "CVE-2026-7996",
"notes": [
{
"category": "description",
"text": "A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers to perform UI spoofing via crafted HTML due to insufficient validation of untrusted input in SSL, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7996 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7996.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7996"
},
{
"cve": "CVE-2026-7994",
"notes": [
{
"category": "description",
"text": "A medium severity local privilege escalation vulnerability in Chromoting on Google Chrome for Windows before version 148.0.7778.96 was fixed, with the patch also incorporated into Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7994 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7994.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7994"
},
{
"cve": "CVE-2026-7997",
"notes": [
{
"category": "description",
"text": "A low severity local privilege escalation vulnerability in the Updater component of Google Chrome on Mac before version 148.0.7778.96 was fixed, with the patch also incorporated into Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7997 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7997.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7997"
},
{
"cve": "CVE-2026-7995",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers to execute arbitrary code inside a sandbox via an out of bounds read in AdFilter, also affecting Microsoft Edge (Chromium-based).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7995 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7995.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7995"
},
{
"cve": "CVE-2026-7992",
"notes": [
{
"category": "description",
"text": "A vulnerability in Google Chrome on Linux and ChromeOS prior to version 148.0.7778.96 allowed remote code execution via crafted HTML and UI gestures due to insufficient validation of untrusted input, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7992 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7992.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7992"
},
{
"cve": "CVE-2026-7977",
"notes": [
{
"category": "description",
"text": "A medium severity vulnerability in the Canvas implementation of Google Chrome versions before 148.0.7778.96 allowed remote attackers to bypass the same origin policy via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7977 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7977.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7977"
},
{
"cve": "CVE-2026-7976",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Google Chrome versions prior to 148.0.7778.96 allowed arbitrary code execution via malicious extensions, with the fix also incorporated into Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7976"
},
{
"cve": "CVE-2026-7975",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Google Chrome DevTools prior to version 148.0.7778.96 allows remote attackers with renderer process access to escape the sandbox via crafted HTML, with the fix incorporated in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7975 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7975.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7975"
},
{
"cve": "CVE-2026-7974",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Blink affected Google Chrome versions prior to 148.0.7778.96, enabling remote code execution within a sandbox via crafted HTML, with a medium severity rating.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7974 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7974.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7974"
},
{
"cve": "CVE-2026-7973",
"cwe": {
"id": "CWE-472",
"name": "External Control of Assumed-Immutable Web Parameter"
},
"notes": [
{
"category": "other",
"text": "External Control of Assumed-Immutable Web Parameter",
"title": "CWE-472"
},
{
"category": "description",
"text": "An integer overflow vulnerability in Dawn component of Google Chrome on Windows before version 148.0.7778.96 allows remote attackers to escape the sandbox via crafted HTML, with a medium severity rating.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7973 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7973.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7973"
},
{
"cve": "CVE-2026-7971",
"notes": [
{
"category": "description",
"text": "A medium severity vulnerability in the ORB implementation of Google Chrome before version 148.0.7778.96 allowed remote attackers to bypass site isolation via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7971 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7971.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7971"
},
{
"cve": "CVE-2026-7972",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
},
{
"category": "description",
"text": "A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers who compromised the renderer process to leak cross-origin data via a crafted HTML page, with Microsoft Edge (Chromium-based) also affected and patched accordingly.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7972 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7972.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7972"
},
{
"cve": "CVE-2026-7970",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Google Chrome versions prior to 148.0.7778.96 allows remote attackers with renderer process access to escape the sandbox via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7970 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7970.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7970"
},
{
"cve": "CVE-2026-7969",
"cwe": {
"id": "CWE-472",
"name": "External Control of Assumed-Immutable Web Parameter"
},
"notes": [
{
"category": "other",
"text": "External Control of Assumed-Immutable Web Parameter",
"title": "CWE-472"
},
{
"category": "description",
"text": "An integer overflow vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers with renderer process access to bypass the same origin policy via crafted HTML, rated medium severity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7969 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7969.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7969"
},
{
"cve": "CVE-2026-7968",
"notes": [
{
"category": "description",
"text": "A vulnerability in Google Chrome before version 148.0.7778.96 allowed attackers with renderer process access to bypass the same origin policy via crafted HTML due to insufficient CORS input validation, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7968 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7968.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7968"
},
{
"cve": "CVE-2026-7967",
"notes": [
{
"category": "description",
"text": "A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers with renderer process access to escape the sandbox via crafted HTML due to insufficient validation of untrusted input in navigation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7967 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7967.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7967"
},
{
"cve": "CVE-2026-7966",
"notes": [
{
"category": "description",
"text": "A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers to bypass site isolation by exploiting insufficient validation of untrusted input in the renderer process, with the fix also included in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7966 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7966.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7966"
},
{
"cve": "CVE-2026-7964",
"notes": [
{
"category": "description",
"text": "A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers with renderer process access to perform arbitrary read/write operations via crafted HTML due to insufficient validation in the FileSystem API.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7964 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7964.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7964"
},
{
"cve": "CVE-2026-7963",
"notes": [
{
"category": "description",
"text": "A vulnerability in the ServiceWorker implementation in Google Chrome versions before 148.0.7778.96 allowed remote attackers with renderer process access to escape the sandbox via crafted HTML pages, with the fix incorporated in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7963 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7963.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7963"
},
{
"cve": "CVE-2026-7993",
"notes": [
{
"category": "description",
"text": "A medium severity vulnerability in Google Chrome on Android before version 148.0.7778.96 allowed attackers compromising the renderer process to spoof the URL bar via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7993 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7993.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7993"
},
{
"cve": "CVE-2026-7962",
"notes": [
{
"category": "description",
"text": "A medium severity vulnerability in DirectSockets of Google Chrome before version 148.0.7778.96 allowed remote attackers to perform arbitrary read/write via a crafted Chrome Extension.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7962 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7962.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7962"
},
{
"cve": "CVE-2026-7991",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Google Chrome versions prior to 148.0.7778.96 allowed remote attackers to execute arbitrary code within a sandbox via a crafted HTML page, also affecting Microsoft Edge (Chromium-based) through the shared Chromium update.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7991 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7991.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7991"
},
{
"cve": "CVE-2026-7960",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "A medium severity vulnerability in Google Chrome before version 148.0.7778.96 allowed remote attackers with renderer process access to extract sensitive information from process memory via crafted HTML pages.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7960 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7960.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7960"
},
{
"cve": "CVE-2026-7961",
"notes": [
{
"category": "description",
"text": "A medium severity vulnerability in Google Chrome before version 148.0.7778.96 allowed local network attackers to leak cross-origin data due to insufficient validation of untrusted input in permissions, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7961 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7961.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7961"
},
{
"cve": "CVE-2026-7959",
"notes": [
{
"category": "description",
"text": "A medium severity vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers with renderer process access to bypass site isolation via crafted HTML, with the fix also included in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7959 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7959.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7959"
},
{
"cve": "CVE-2026-7958",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "A medium severity vulnerability in the ServiceWorker implementation of Google Chrome versions before 148.0.7778.96 allowed arbitrary script or HTML injection via malicious extensions, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7958 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7958.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7958"
},
{
"cve": "CVE-2026-7990",
"notes": [
{
"category": "description",
"text": "A medium severity local privilege escalation vulnerability in the Updater component of Google Chrome on Windows before version 148.0.7778.96 was fixed, with the patch also included in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7990 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7990.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7990"
},
{
"cve": "CVE-2026-7957",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "A medium-severity out-of-bounds write vulnerability in Media on Google Chrome for Mac and iOS prior to version 148.0.7778.96 allows remote attackers with renderer process access to execute arbitrary code within a sandbox via crafted HTML pages.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7957 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7957.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7957"
},
{
"cve": "CVE-2026-7956",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Google Chrome versions before 148.0.7778.96 allows a remote attacker controlling the renderer process to escape the sandbox via a crafted HTML page, affecting Chromium-based browsers including Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7956 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7956.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7956"
},
{
"cve": "CVE-2026-7955",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
},
{
"category": "description",
"text": "A vulnerability in Google Chrome before version 148.0.7778.96 allowed remote attackers with renderer process access to extract sensitive GPU memory data via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7955 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7955.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7955"
},
{
"cve": "CVE-2026-7954",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "A race condition vulnerability in Shared Storage of Google Chrome versions before 148.0.7778.96 allowed remote attackers compromising the renderer process to leak cross-origin data, affecting Chromium-based browsers including Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7954 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7954.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7954"
},
{
"cve": "CVE-2026-7953",
"notes": [
{
"category": "description",
"text": "A UXSS vulnerability in Google Chrome versions before 148.0.7778.96 allowed remote attackers to inject arbitrary scripts or HTML via insufficient validation of untrusted input in the Omnibox, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7953 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7953.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7953"
},
{
"cve": "CVE-2026-7965",
"notes": [
{
"category": "description",
"text": "A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers with renderer process access to leak cross-origin data due to insufficient validation of untrusted input in DevTools, with the fix incorporated in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7965 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7965.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7965"
},
{
"cve": "CVE-2026-7952",
"notes": [
{
"category": "description",
"text": "A vulnerability in Google Chrome versions before 148.0.7778.96 allowed remote attackers to bypass discretionary access control via crafted HTML pages due to insufficient policy enforcement in Extensions, with the fix incorporated in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7952 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7952.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7952"
},
{
"cve": "CVE-2026-7951",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "A medium severity vulnerability in WebRTC within Google Chrome versions before 148.0.7778.96 allowed remote attackers to execute arbitrary code in a sandbox via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7951 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7951.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7951"
},
{
"cve": "CVE-2026-7949",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "A medium-severity out-of-bounds read vulnerability in Skia within Google Chrome versions prior to 148.0.7778.96 allows remote attackers with renderer process access to leak cross-origin data via malicious Chrome Extensions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7949 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7949.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7949"
},
{
"cve": "CVE-2026-7950",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers to perform arbitrary read and write operations via out-of-bounds access in the GFX component, also affecting Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7950 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7950.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7950"
},
{
"cve": "CVE-2026-7948",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "A race condition vulnerability in Chromoting on Google Chrome for Windows before version 148.0.7778.96 allowed local privilege escalation via a malicious file, rated medium severity and fixed in Chromium-based Microsoft Edge as well.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7948 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7948.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7948"
},
{
"cve": "CVE-2026-7999",
"notes": [
{
"category": "description",
"text": "A low-severity vulnerability in V8 engine of Google Chrome versions before 148.0.7778.96 allowed remote attackers to access sensitive process memory via crafted HTML pages, with the fix incorporated in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7999 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7999.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7999"
},
{
"cve": "CVE-2026-7947",
"notes": [
{
"category": "description",
"text": "A vulnerability in Google Chrome before version 148.0.7778.96 allowed remote attackers who compromised the renderer process to perform UI spoofing via crafted HTML due to insufficient validation of untrusted input, also affecting Microsoft Edge (Chromium-based).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7947 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7947.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7947"
},
{
"cve": "CVE-2026-7946",
"notes": [
{
"category": "description",
"text": "A vulnerability in Google Chrome versions before 148.0.7778.96 allowed remote attackers to bypass site isolation via insufficient WebUI policy enforcement, affecting multiple operating systems and fixed in Chromium-based Microsoft Edge as well.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7946 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7946.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7946"
},
{
"cve": "CVE-2026-7945",
"notes": [
{
"category": "description",
"text": "A medium severity vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers compromising the renderer process to bypass site isolation via insufficient validation of untrusted input in COOP.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7945 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7945.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7945"
},
{
"cve": "CVE-2026-7944",
"notes": [
{
"category": "description",
"text": "A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers with renderer process access to bypass site isolation via crafted HTML due to insufficient validation in the Persistent Cache.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7944 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7944.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7944"
},
{
"cve": "CVE-2026-7943",
"notes": [
{
"category": "description",
"text": "A vulnerability in ANGLE in Google Chrome before version 148.0.7778.96 allows remote attackers with renderer process access to perform arbitrary read/write via crafted HTML due to insufficient input validation, affecting Chrome and Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7943 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7943.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7943"
},
{
"cve": "CVE-2026-7942",
"cwe": {
"id": "CWE-472",
"name": "External Control of Assumed-Immutable Web Parameter"
},
"notes": [
{
"category": "other",
"text": "External Control of Assumed-Immutable Web Parameter",
"title": "CWE-472"
},
{
"category": "description",
"text": "An integer overflow vulnerability in ANGLE within Google Chrome versions prior to 148.0.7778.96 allowed remote attackers to leak cross-origin data via crafted HTML pages, with a medium severity rating.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7942 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7942.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7942"
},
{
"cve": "CVE-2026-7941",
"notes": [
{
"category": "description",
"text": "A UXSS vulnerability in Google Chrome on Android before version 148.0.7778.96 allowed local attackers to inject arbitrary scripts or HTML via crafted Chrome Extensions, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7941 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7941.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7941"
},
{
"cve": "CVE-2026-7940",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in V8 within Google Chrome versions prior to 148.0.7778.96 allowed arbitrary code execution via malicious extensions, rated medium severity and fixed in Chrome and Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7940 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7940.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7940"
},
{
"cve": "CVE-2026-7939",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "A UXSS vulnerability in SanitizerAPI affected Google Chrome versions before 148.0.7778.96, allowing remote attackers to inject arbitrary scripts or HTML via crafted pages, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7939 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7939.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7939"
},
{
"cve": "CVE-2026-7938",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in CSS in Google Chrome versions before 148.0.7778.96 allowed remote code execution within a sandbox via crafted HTML, affecting Chrome and Chromium-based Microsoft Edge, rated medium severity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7938 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7938.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7938"
},
{
"cve": "CVE-2026-7986",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"notes": [
{
"category": "other",
"text": "Origin Validation Error",
"title": "CWE-346"
},
{
"category": "description",
"text": "A medium severity vulnerability in Google Chrome Autofill prior to version 148.0.7778.96 allowed remote attackers to leak cross-origin data via crafted HTML pages, with the fix incorporated in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7986 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7986.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7986"
},
{
"cve": "CVE-2026-7937",
"notes": [
{
"category": "description",
"text": "A vulnerability in Google Chrome versions prior to 148.0.7778.96 allowed attackers to bypass navigation restrictions by tricking users into installing malicious extensions, also addressed in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7937 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7937.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7937"
},
{
"cve": "CVE-2026-7936",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "A medium severity vulnerability in V8 engine of Google Chrome before version 148.0.7778.96 allows remote attackers to perform out-of-bounds memory reads via crafted HTML pages, also affecting Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7936 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7936.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7936"
},
{
"cve": "CVE-2026-7989",
"notes": [
{
"category": "description",
"text": "A vulnerability in Google Chrome versions prior to 148.0.7778.96 allowed remote attackers with renderer process access to perform arbitrary read/write via insufficient data validation in DataTransfer, with the fix incorporated in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7989 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7989.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7989"
},
{
"cve": "CVE-2026-7988",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "other",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "description",
"text": "A type confusion vulnerability in WebRTC affected Google Chrome versions before 148.0.7778.96, allowing remote code execution within a sandbox, with a medium severity rating.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7988 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7988.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7988"
},
{
"cve": "CVE-2026-7987",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in WebRTC in Google Chrome versions before 148.0.7778.96 allowed remote code execution within a sandbox via crafted HTML, affecting Chrome and Chromium-based Microsoft Edge with medium severity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7987 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7987.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7987"
},
{
"cve": "CVE-2026-7985",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the GPU component of Google Chrome versions prior to 148.0.7778.96 allows remote attackers controlling the renderer process to escape the sandbox via crafted HTML, with fixes included in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7985 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7985.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7985"
},
{
"cve": "CVE-2026-7984",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Google Chrome ReadingMode before version 148.0.7778.96 allowed remote attackers with renderer process access to execute arbitrary code within a sandbox, rated medium severity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7984 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7984.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7984"
},
{
"cve": "CVE-2026-7983",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "A medium-severity out-of-bounds read vulnerability in Google Chrome prior to version 148.0.7778.96 allows remote attackers to leak cross-origin data via crafted HTML pages, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7983 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7983.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7983"
},
{
"cve": "CVE-2026-7981",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "A medium-severity out-of-bounds read vulnerability in Google Chrome codecs prior to version 148.0.7778.96 allows remote attackers to access sensitive process memory via malicious files, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7981 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7981.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7981"
},
{
"cve": "CVE-2026-7980",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in WebAudio in Google Chrome versions before 148.0.7778.96 allowed remote code execution within a sandbox via crafted HTML, with a medium severity rating.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7980 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7980.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7980"
},
{
"cve": "CVE-2026-7978",
"notes": [
{
"category": "description",
"text": "A medium severity vulnerability in Companion on Google Chrome for Mac before version 148.0.7778.96 allowed remote attackers to escalate OS-level privileges via malicious network traffic, with the fix incorporated in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7978 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7978.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7978"
},
{
"cve": "CVE-2026-7979",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"notes": [
{
"category": "other",
"text": "Origin Validation Error",
"title": "CWE-346"
},
{
"category": "description",
"text": "A medium severity vulnerability in Google Chrome versions prior to 148.0.7778.96 allowed remote attackers to leak cross-origin data via crafted HTML pages, with the fix incorporated in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7979 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7979.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7979"
},
{
"cve": "CVE-2026-7982",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
},
{
"category": "description",
"text": "A medium severity vulnerability in WebCodecs affected Google Chrome versions before 148.0.7778.96, allowing remote attackers to access sensitive process memory via crafted HTML pages, with the fix also incorporated in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7982 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7982.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7982"
},
{
"cve": "CVE-2026-7934",
"notes": [
{
"category": "description",
"text": "A vulnerability in Google Chrome\u0027s Popup Blocker prior to version 148.0.7778.96 allowed remote attackers with renderer process access to bypass navigation restrictions via crafted HTML, affecting Chrome and Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7934 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7934.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7934"
},
{
"cve": "CVE-2026-7933",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "A medium-severity out-of-bounds memory read vulnerability in WebCodecs affected Google Chrome versions prior to 148.0.7778.96 and was exploitable via crafted video files, with the fix incorporated into Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7933 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7933.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7933"
},
{
"cve": "CVE-2026-7935",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"notes": [
{
"category": "other",
"text": "User Interface (UI) Misrepresentation of Critical Information",
"title": "CWE-451"
},
{
"category": "description",
"text": "A medium severity UI spoofing vulnerability in the Speech implementation of Google Chrome before version 148.0.7778.96 affects Chromium-based browsers including Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7935 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7935.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7935"
},
{
"cve": "CVE-2026-7932",
"notes": [
{
"category": "description",
"text": "A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed local attackers to bypass navigation restrictions via crafted HTML pages due to insufficient policy enforcement in Downloads, with the fix also applied in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7932 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7932.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7932"
},
{
"cve": "CVE-2026-7929",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in MediaRecording in Google Chrome prior to version 148.0.7778.96 allowed remote code execution via crafted HTML and user interaction, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7929 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7929.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7929"
},
{
"cve": "CVE-2026-7931",
"notes": [
{
"category": "description",
"text": "A UI spoofing vulnerability in Google Chrome on iOS versions prior to 148.0.7778.96 allowed remote attackers to exploit insufficient validation of untrusted input, with the fix incorporated in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7931 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7931.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7931"
},
{
"cve": "CVE-2026-7930",
"notes": [
{
"category": "description",
"text": "A privilege escalation vulnerability in Google Chrome before version 148.0.7778.96, caused by insufficient validation of untrusted cookie input, was fixed and the patch has been incorporated into Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7930 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7930.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7930"
},
{
"cve": "CVE-2026-7927",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "other",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "description",
"text": "A type confusion vulnerability in Google Chrome versions prior to 148.0.7778.96 allowed remote code execution within a sandbox via crafted HTML, affecting Chrome and Chromium-based Microsoft Edge browsers.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7927 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7927.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7927"
},
{
"cve": "CVE-2026-7928",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in WebRTC on Google Chrome for Windows before version 148.0.7778.96 allowed remote code execution within a sandbox via crafted HTML, rated high severity and fixed in Chromium-based Microsoft Edge as well.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7928 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7928.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7928"
},
{
"cve": "CVE-2026-7926",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A high severity use-after-free vulnerability in PresentationAPI affected Google Chrome versions prior to 148.0.7778.96, enabling remote code execution within a sandbox via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7926 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7926.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7926"
},
{
"cve": "CVE-2026-7925",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A high severity use-after-free vulnerability in Chromoting on Google Chrome for Windows before version 148.0.7778.96 allows local privilege escalation via a malicious file, with the fix also included in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7925 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7925.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7925"
},
{
"cve": "CVE-2026-7924",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
},
{
"category": "description",
"text": "A high-severity uninitialized use vulnerability in Dawn affects Google Chrome versions prior to 148.0.7778.96, allowing remote attackers to access sensitive process memory via crafted HTML pages, with the fix incorporated in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7924"
},
{
"cve": "CVE-2026-7923",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "A high-severity out-of-bounds write vulnerability in Skia within Google Chrome versions prior to 148.0.7778.96 allows remote attackers with renderer process access to escape the sandbox via crafted HTML, also affecting Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7923 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7923.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7923"
},
{
"cve": "CVE-2026-7922",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in ServiceWorker in Google Chrome versions prior to 148.0.7778.96 allows remote attackers to perform sandbox escape via crafted HTML, rated high severity and fixed in Chromium-based Microsoft Edge as well.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7922 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7922.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7922"
},
{
"cve": "CVE-2026-7921",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Google Chrome versions prior to 148.0.7778.96 allows remote code execution via crafted HTML pages, affecting Chromium-based browsers including Microsoft Edge, with high severity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7921 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7921.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7921"
},
{
"cve": "CVE-2026-7920",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A high severity use-after-free vulnerability in Skia within Google Chrome versions prior to 148.0.7778.96 allows remote attackers with renderer process access to escape the sandbox via crafted HTML pages.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7920 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7920.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7920"
},
{
"cve": "CVE-2026-7918",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the GPU component of Google Chrome prior to version 148.0.7778.96 allows remote attackers controlling the renderer process to escape the sandbox via crafted HTML, posing a high security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7918 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7918.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7918"
},
{
"cve": "CVE-2026-7917",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Fullscreen mode in Google Chrome on Windows prior to version 148.0.7778.96 allows remote attackers controlling the renderer process to escape the sandbox via crafted HTML pages.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7917 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7917.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7917"
},
{
"cve": "CVE-2026-7919",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Aura in Google Chrome versions prior to 148.0.7778.96 allows remote attackers with renderer process access to escape the sandbox via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7919 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7919.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7919"
},
{
"cve": "CVE-2026-7916",
"notes": [
{
"category": "description",
"text": "A high-severity vulnerability in Google Chrome before version 148.0.7778.96 allowed remote sandbox escape via crafted HTML due to insufficient data validation in InterestGroups, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7916 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7916.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7916"
},
{
"cve": "CVE-2026-7915",
"notes": [
{
"category": "description",
"text": "A high-severity vulnerability in Google Chrome on Android prior to version 148.0.7778.96 allowed remote attackers to bypass navigation restrictions via insufficient data validation in DevTools, also affecting Microsoft Edge (Chromium-based).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7915 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7915.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7915"
},
{
"cve": "CVE-2026-7914",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "other",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "description",
"text": "A high severity type confusion vulnerability in Google Chrome on Windows before version 148.0.7778.96 allows remote attackers with renderer process access to escape the sandbox via crafted HTML, with fixes included in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7914 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7914.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7914"
},
{
"cve": "CVE-2026-7913",
"notes": [
{
"category": "description",
"text": "A high-severity privilege escalation vulnerability in Google Chrome on Android prior to version 148.0.7778.96, caused by insufficient DevTools policy enforcement, also affects Chromium-based Microsoft Edge via Chromium updates.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7913 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7913.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7913"
},
{
"cve": "CVE-2026-7912",
"cwe": {
"id": "CWE-472",
"name": "External Control of Assumed-Immutable Web Parameter"
},
"notes": [
{
"category": "other",
"text": "External Control of Assumed-Immutable Web Parameter",
"title": "CWE-472"
},
{
"category": "description",
"text": "An integer overflow vulnerability in the GPU component of Google Chrome on Android before version 148.0.7778.96 allowed remote attackers with renderer process access to perform arbitrary read/write operations, rated high severity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7912 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7912.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7912"
},
{
"cve": "CVE-2026-7911",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Aura on Google Chrome for Windows before version 148.0.7778.96 allows remote attackers with renderer process access to escape the sandbox via crafted HTML pages.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7911 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7911.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7911"
},
{
"cve": "CVE-2026-7909",
"notes": [
{
"category": "description",
"text": "A high severity vulnerability in ServiceWorker implementation in Google Chrome before version 148.0.7778.96 allowed remote attackers with renderer process access to bypass site isolation via crafted HTML pages, with fixes incorporated in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7909 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7909.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7909"
},
{
"cve": "CVE-2026-7910",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A high severity use-after-free vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers with renderer process access to bypass site isolation via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7910 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7910.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7910"
},
{
"cve": "CVE-2026-7908",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Fullscreen feature of Google Chrome prior to version 148.0.7778.96 allows remote attackers to escape the sandbox via crafted HTML, with a high severity rating.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7908 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7908.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7908"
},
{
"cve": "CVE-2026-7907",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the DOM of Google Chrome versions prior to 148.0.7778.96 allowed remote attackers to execute arbitrary code within a sandbox via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7907 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7907.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7907"
},
{
"cve": "CVE-2026-7905",
"notes": [
{
"category": "description",
"text": "A high-severity vulnerability in Google Chrome on Android prior to version 148.0.7778.96 allowed remote attackers with renderer process access to escape the sandbox via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7905 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7905.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7905"
},
{
"cve": "CVE-2026-7906",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in SVG in Google Chrome prior to version 148.0.7778.96 allowed remote code execution within a sandbox via crafted HTML, affecting Chromium-based browsers including Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7906 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7906.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7906"
},
{
"cve": "CVE-2026-7904",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "A high-severity out-of-bounds memory read vulnerability in Fonts affected Google Chrome versions prior to 148.0.7778.96 and was exploitable via a crafted HTML page, with the fix incorporated in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7904 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7904.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7904"
},
{
"cve": "CVE-2026-7903",
"cwe": {
"id": "CWE-472",
"name": "External Control of Assumed-Immutable Web Parameter"
},
"notes": [
{
"category": "other",
"text": "External Control of Assumed-Immutable Web Parameter",
"title": "CWE-472"
},
{
"category": "description",
"text": "An integer overflow vulnerability in ANGLE within Google Chrome versions prior to 148.0.7778.96 on Mac and Windows allows remote attackers to cause heap corruption via crafted HTML pages, with high severity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7903 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7903.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7903"
},
{
"cve": "CVE-2026-7902",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "A high-severity out-of-bounds memory access vulnerability in V8 prior to Chrome 148.0.7778.96 allowed remote code execution within a sandbox via crafted HTML, affecting Chrome and Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7902 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7902.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7902"
},
{
"cve": "CVE-2026-7901",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A high severity use-after-free vulnerability in ANGLE on Google Chrome for Mac before version 148.0.7778.96 allows remote code execution within a sandbox via crafted HTML, with the fix incorporated in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7901 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7901.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7901"
},
{
"cve": "CVE-2026-7900",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap buffer overflow vulnerability in ANGLE within Google Chrome versions before 148.0.7778.96 allows remote attackers with renderer process access to potentially escape the sandbox via crafted HTML pages.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-7900 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7900.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-7900"
},
{
"cve": "CVE-2026-8020",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
},
{
"category": "description",
"text": "A vulnerability in Google Chrome on Android before version 148.0.7778.96 allowed remote attackers with renderer process access to extract sensitive GPU memory data via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-8020 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8020.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-8020"
},
{
"cve": "CVE-2026-8019",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"notes": [
{
"category": "other",
"text": "User Interface (UI) Misrepresentation of Critical Information",
"title": "CWE-451"
},
{
"category": "description",
"text": "A low-severity UI spoofing vulnerability in Google Chrome versions prior to 148.0.7778.96, caused by insufficient policy enforcement in WebApp, is addressed in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-8019 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8019.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-8019"
},
{
"cve": "CVE-2026-8018",
"notes": [
{
"category": "description",
"text": "A low-severity vulnerability in Google Chrome before version 148.0.7778.96 allowed remote attackers to escape the sandbox via malicious network traffic due to insufficient DevTools policy enforcement, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-8018 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8018.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-8018"
},
{
"cve": "CVE-2026-8022",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Rendered UI Layers or Frames",
"title": "CWE-1021"
},
{
"category": "other",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
},
{
"category": "description",
"text": "A low severity vulnerability in the MHTML implementation of Google Chrome before version 148.0.7778.96 allowed remote attackers to leak cross-origin data via crafted pages and user interactions, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-8022 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8022.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-8022"
},
{
"cve": "CVE-2026-8017",
"cwe": {
"id": "CWE-1300",
"name": "Improper Protection of Physical Side Channels"
},
"notes": [
{
"category": "other",
"text": "Improper Protection of Physical Side Channels",
"title": "CWE-1300"
},
{
"category": "description",
"text": "A side-channel information leakage vulnerability in Google Chrome versions prior to 148.0.7778.96 allowed remote attackers to leak cross-origin data via crafted HTML pages, with a low severity rating.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-8017 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8017.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-8017"
},
{
"cve": "CVE-2026-8021",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "description",
"text": "A low severity script injection vulnerability in Google Chrome versions before 148.0.7778.96 allowed remote attackers to inject arbitrary scripts or HTML via specific UI gestures on crafted pages, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-8021 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8021.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-8021"
},
{
"cve": "CVE-2026-8014",
"notes": [
{
"category": "description",
"text": "A low-severity vulnerability in the Preload feature of Google Chrome versions before 148.0.7778.96 allowed remote attackers to leak cross-origin data via crafted HTML, with the fix incorporated in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-8014 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8014.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-8014"
},
{
"cve": "CVE-2026-8015",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"notes": [
{
"category": "other",
"text": "User Interface (UI) Misrepresentation of Critical Information",
"title": "CWE-451"
},
{
"category": "description",
"text": "A low-severity UI spoofing vulnerability in Media on Google Chrome versions prior to 148.0.7778.96 was fixed, with the patch also incorporated into the Chromium-based Microsoft Edge browser.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-8015 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8015.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-8015"
},
{
"cve": "CVE-2026-8016",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in WebRTC in Google Chrome versions prior to 148.0.7778.96 allowed remote code execution within a sandbox via crafted HTML, rated low severity and fixed in Chrome and Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-8016 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8016.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-8016"
},
{
"cve": "CVE-2026-8012",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "A low severity vulnerability in the MHTML implementation of Google Chrome before version 148.0.7778.96 allowed remote attackers with renderer process access to inject arbitrary scripts or HTML.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-8012 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8012.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-8012"
},
{
"cve": "CVE-2026-8011",
"notes": [
{
"category": "description",
"text": "A low-severity vulnerability in Google Chrome before version 148.0.7778.96 allowed remote attackers to leak cross-origin data due to insufficient policy enforcement in Search, addressed in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-8011 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8011.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-8011"
},
{
"cve": "CVE-2026-8013",
"notes": [
{
"category": "description",
"text": "A low severity vulnerability in FedCM in Google Chrome versions before 148.0.7778.96 allowed remote attackers to leak cross-origin data due to insufficient validation of untrusted input, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-8013 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8013.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-8013"
},
{
"cve": "CVE-2026-8009",
"notes": [
{
"category": "description",
"text": "A vulnerability in Google Chrome versions before 148.0.7778.96 allowed remote attackers with renderer process access to bypass navigation restrictions via crafted HTML, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-8009 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8009.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-8009"
},
{
"cve": "CVE-2026-8010",
"notes": [
{
"category": "description",
"text": "A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers to bypass site isolation by exploiting insufficient validation of untrusted input in the renderer process, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-8010 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8010.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-8010"
},
{
"cve": "CVE-2026-8008",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"notes": [
{
"category": "other",
"text": "User Interface (UI) Misrepresentation of Critical Information",
"title": "CWE-451"
},
{
"category": "description",
"text": "A UI spoofing vulnerability in Google Chrome versions prior to 148.0.7778.96, rated low severity, was fixed and the patch has been incorporated into Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-8008 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8008.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-8008"
},
{
"cve": "CVE-2026-8007",
"notes": [
{
"category": "description",
"text": "A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed remote attackers to escalate privileges via crafted HTML due to insufficient validation in the Cast component, with the fix also included in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-8007 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8007.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-8007"
},
{
"cve": "CVE-2026-8006",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"notes": [
{
"category": "other",
"text": "User Interface (UI) Misrepresentation of Critical Information",
"title": "CWE-451"
},
{
"category": "description",
"text": "A UI spoofing vulnerability in Google Chrome versions prior to 148.0.7778.96, caused by insufficient policy enforcement in DevTools via malicious extensions, has been fixed and the patch is also incorporated in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-8006 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8006.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-8006"
},
{
"cve": "CVE-2026-8005",
"notes": [
{
"category": "description",
"text": "A vulnerability in Google Chrome before version 148.0.7778.96 allowed local network attackers to bypass the same origin policy via insufficient validation in the Cast feature, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-8005 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8005.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-8005"
},
{
"cve": "CVE-2026-8002",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Audio component of Google Chrome on Mac prior to version 148.0.7778.96 allows remote code execution within a sandbox via crafted HTML, rated with low severity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-8002 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8002.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-8002"
},
{
"cve": "CVE-2026-8004",
"notes": [
{
"category": "description",
"text": "A vulnerability in Google Chrome prior to version 148.0.7778.96 allowed data leakage across origins via malicious extensions due to insufficient DevTools policy enforcement, with the fix also applied to Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-8004 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8004.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-8004"
},
{
"cve": "CVE-2026-8003",
"notes": [
{
"category": "description",
"text": "A low-severity UI spoofing vulnerability in Google Chrome prior to version 148.0.7778.96, caused by insufficient validation of untrusted input in TabGroups, has been fixed and the patch is also incorporated in Chromium-based Microsoft Edge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-8003 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8003.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-8003"
},
{
"cve": "CVE-2026-8000",
"notes": [
{
"category": "description",
"text": "A remote code execution vulnerability in ChromeDriver for Google Chrome on Windows before version 148.0.7778.96 was caused by insufficient validation of untrusted input in crafted HTML.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-8000 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8000.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-8000"
},
{
"cve": "CVE-2026-8001",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A Use After Free vulnerability in Google Chrome\u0027s printing component on Linux, Mac, and ChromeOS prior to version 148.0.7778.96 allows remote sandbox escape via crafted HTML, rated low severity and fixed in Chromium-based Microsoft Edge as well.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-8001 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8001.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-8001"
},
{
"cve": "CVE-2026-40416",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"notes": [
{
"category": "other",
"text": "User Interface (UI) Misrepresentation of Critical Information",
"title": "CWE-451"
},
{
"category": "description",
"text": "A user interface misrepresentation vulnerability in Microsoft Edge (Chromium-based) allows unauthorized attackers to perform network spoofing, potentially misleading users about network connections.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-40416 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40416.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-40416"
},
{
"cve": "CVE-2026-42838",
"notes": [
{
"category": "description",
"text": "A vulnerability in Microsoft Edge (Chromium-based) involving improper neutralization of special elements in output can enable unauthorized attackers to elevate privileges over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-42838 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42838.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-42838"
},
{
"cve": "CVE-2026-42891",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"notes": [
{
"category": "other",
"text": "User Interface (UI) Misrepresentation of Critical Information",
"title": "CWE-451"
},
{
"category": "description",
"text": "A user interface misrepresentation vulnerability in Microsoft Edge (Chromium-based) allows unauthorized attackers to conduct network spoofing attacks by misleading users about network connections.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-42891 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42891.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-42891"
},
{
"cve": "CVE-2026-35429",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"notes": [
{
"category": "other",
"text": "User Interface (UI) Misrepresentation of Critical Information",
"title": "CWE-451"
},
{
"category": "description",
"text": "A user interface misrepresentation vulnerability in Microsoft Edge for Android enables unauthorized attackers to perform network spoofing by misleading users about network connections.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-35429 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35429.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-35429"
},
{
"cve": "CVE-2026-33111",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "description",
"text": "A command injection vulnerability in Microsoft Edge\u0027s Copilot Chat due to improper neutralization of special elements allows unauthorized attackers to disclose information over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-33111 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33111.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-33111"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…